Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
81abf8d5 by security tracker role at 2019-05-09T20:10:26Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,24 @@
-CVE-2019-11842 [Use SystemRandom for token generation]
+CVE-2019-11846
+ RESERVED
+CVE-2019-11845
+ RESERVED
+CVE-2019-11844
+ RESERVED
+CVE-2019-11843
+ RESERVED
+CVE-2019-11841
+ RESERVED
+CVE-2019-11840 (An issue was discovered in supplementary Go cryptography
libraries, ak ...)
+ TODO: check
+CVE-2019-11839 (njs through 0.3.1, used in NGINX, has a heap-based buffer
overflow in ...)
+ TODO: check
+CVE-2019-11838 (njs through 0.3.1, used in NGINX, has a heap-based buffer
overflow in ...)
+ TODO: check
+CVE-2019-11837 (njs through 0.3.1, used in NGINX, has a segmentation fault in
String.p ...)
+ TODO: check
+CVE-2019-11836 (The Rediffmail (aka com.rediff.mail.and) application 2.2.6 for
Android ...)
+ TODO: check
+CVE-2019-11842 (An issue was discovered in Matrix Sydent before 1.0.3 and
Synapse befo ...)
- matrix-synapse 0.99.2-5
NOTE:
https://matrix.org/blog/2019/05/03/security-updates-sydent-1-0-3-synapse-0-99-3-1-and-riot-android-0-9-0-0-8-99-0-8-28-a/
CVE-2019-11835 (cJSON before 1.7.11 allows out-of-bounds access, related to
multiline ...)
@@ -964,7 +984,7 @@ CVE-2019-11446 (An issue was discovered in ATutor through
2.2.4. It allows the u
NOT-FOR-US: ATutor
CVE-2019-11445 (OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a
malicious JS ...)
NOT-FOR-US: OpenKM
-CVE-2019-11444 (An issue was discovered in Liferay Portal CE 7.1.2 GA3. An
attacker ca ...)
+CVE-2019-11444 (** DISPUTED ** An issue was discovered in Liferay Portal CE
7.1.2 GA3. ...)
NOT-FOR-US: Liferay Portal CE
CVE-2019-11443
RESERVED
@@ -1171,8 +1191,8 @@ CVE-2019-11355
RESERVED
CVE-2019-11354 (The client in Electronic Arts (EA) Origin 10.5.36 on Windows
allows te ...)
NOT-FOR-US: client in Electronic Arts (EA) Origin on Windows
-CVE-2019-11353
- RESERVED
+CVE-2019-11353 (The EnGenius EWS660AP router with firmware 2.0.284 allows an
attacker ...)
+ TODO: check
CVE-2019-11352
RESERVED
CVE-2019-11351 (TeamSpeak 3 Client before 3.2.5 allows remote code execution
in the Qt ...)
@@ -1238,8 +1258,8 @@ CVE-2019-11326
RESERVED
CVE-2019-11325
RESERVED
-CVE-2019-11323
- RESERVED
+CVE-2019-11323 (HAProxy before 1.9.7 mishandles a reload with rotated keys,
which trig ...)
+ TODO: check
CVE-2019-11324 (The urllib3 library before 1.24.2 for Python mishandles
certain cases ...)
- python-urllib3 <unfixed> (bug #927412)
NOTE: https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4
@@ -4169,6 +4189,7 @@ CVE-2019-1000031 (A disk space or quota exhaustion issue
exists in article2pdf_g
NOT-FOR-US: article2pdf Wordpress plugin
CVE-2018-20815 [device_tree: heap buffer overflow while loading device tree
blob]
RESERVED
+ {DLA-1781-1}
- qemu 1:3.1+dfsg-7
[stretch] - qemu <postponed> (Minor issue)
- qemu-kvm <removed>
@@ -5431,8 +5452,8 @@ CVE-2019-9849
RESERVED
CVE-2019-9848
RESERVED
-CVE-2019-9847
- RESERVED
+CVE-2019-9847 (A vulnerability in LibreOffice hyperlink processing allows an
attacker ...)
+ TODO: check
CVE-2019-9857 (In the Linux kernel through 5.0.2, the function
inotify_update_existin ...)
- linux 4.19.37-1
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -5522,6 +5543,7 @@ CVE-2019-9825 (FeiFeiCMS 4.1.190209 allows remote
attackers to upload and execut
NOT-FOR-US: FeiFeiCMS
CVE-2019-9824
RESERVED
+ {DLA-1781-1}
- qemu 1:3.1+dfsg-6
[stretch] - qemu <no-dsa> (Minor issue, pending for stable point update)
- qemu-kvm <removed>
@@ -9188,7 +9210,7 @@ CVE-2019-8385
RESERVED
CVE-2019-8384
RESERVED
-CVE-2019-8383 (An issue was discovered in AdvanceCOMP before 2.1. An invalid
memory a ...)
+CVE-2019-8383 (An issue was discovered in AdvanceCOMP through 2.1. An invalid
memory ...)
- advancecomp <unfixed> (bug #928730)
[stretch] - advancecomp <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/advancemame/bugs/272/
@@ -9201,7 +9223,7 @@ CVE-2019-8381 (An issue was discovered in Tcpreplay
4.3.1. An invalid memory acc
NOTE: Crash in a CLI tool, no security impact
CVE-2019-8380 (An issue was discovered in Bento4 1.5.1-628. A NULL pointer
dereferenc ...)
NOT-FOR-US: Bento4
-CVE-2019-8379 (An issue was discovered in AdvanceCOMP before 2.1. A NULL
pointer dere ...)
+CVE-2019-8379 (An issue was discovered in AdvanceCOMP through 2.1. A NULL
pointer der ...)
- advancecomp <unfixed> (bug #928729)
[stretch] - advancecomp <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/advancemame/bugs/271/
@@ -12149,8 +12171,8 @@ CVE-2019-7183
RESERVED
CVE-2019-7182
RESERVED
-CVE-2019-7181
- RESERVED
+CVE-2019-7181 (Buffer Overflow vulnerability in myQNAPcloud Connect 1.3.3.0925
and ea ...)
+ TODO: check
CVE-2019-7180
RESERVED
CVE-2019-7179
@@ -13573,12 +13595,12 @@ CVE-2019-6568 (A vulnerability has been identified in
CP1604 (All versions), CP1
NOT-FOR-US: Siemens
CVE-2019-6567
RESERVED
-CVE-2019-6566
- RESERVED
+CVE-2019-6566 (GE Communicator, all versions prior to 4.0.517, allows a
non-administr ...)
+ TODO: check
CVE-2019-6565 (Moxa IKS and EDS fails to properly validate user input, giving
unauthe ...)
NOT-FOR-US: Moxa
-CVE-2019-6564
- RESERVED
+CVE-2019-6564 (GE Communicator, all versions prior to 4.0.517, allows a
non-administr ...)
+ TODO: check
CVE-2019-6563 (Moxa IKS and EDS generate a predictable cookie calculated with
an MD5 ...)
NOT-FOR-US: Moxa
CVE-2019-6562 (In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the
softwa ...)
@@ -13609,16 +13631,16 @@ CVE-2019-6550 (Advantech WebAccess/SCADA, Versions
8.3.5 and prior. Multiple sta
NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6549 (An attacker could retrieve plain-text credentials stored in a
XML file ...)
NOT-FOR-US: PR100088 Modbus
-CVE-2019-6548
- RESERVED
+CVE-2019-6548 (GE Communicator, all versions prior to 4.0.517, contains two
backdoor ...)
+ TODO: check
CVE-2019-6547 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor
Version 1.00 ...)
NOT-FOR-US: Delta Industrial Automation CNCSoft
-CVE-2019-6546
- RESERVED
+CVE-2019-6546 (GE Communicator, all versions prior to 4.0.517, allows an
attacker to ...)
+ TODO: check
CVE-2019-6545 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1
SP3 and I ...)
NOT-FOR-US: AVEVA
-CVE-2019-6544
- RESERVED
+CVE-2019-6544 (GE Communicator, all versions prior to 4.0.517, has a service
running ...)
+ TODO: check
CVE-2019-6543 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1
SP3 and I ...)
NOT-FOR-US: AVEVA
CVE-2019-6542 (ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions
prior t ...)
@@ -19265,10 +19287,10 @@ CVE-2019-4074 (IBM Sterling B2B Integrator Standard
Edition 6.0.0.0 and 6.0.0.1
NOT-FOR-US: IBM
CVE-2019-4073 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and
6.0.0.1 is vu ...)
NOT-FOR-US: IBM
-CVE-2019-4072
- RESERVED
-CVE-2019-4071
- RESERVED
+CVE-2019-4072 (IBM Tivoli Storage Productivity Center (IBM Spectrum Control
Standard ...)
+ TODO: check
+CVE-2019-4071 (IBM Tivoli Storage Productivity Center (IBM Spectrum Control
Standard ...)
+ TODO: check
CVE-2019-4070
RESERVED
CVE-2019-4069
@@ -27052,8 +27074,8 @@ CVE-2019-1570 (The Expedition Migration tool 1.1.8 and
earlier may allow an auth
NOT-FOR-US: Expedition Migration tool
CVE-2019-1569 (The Expedition Migration tool 1.1.8 and earlier may allow an
authentic ...)
NOT-FOR-US: Expedition Migration tool
-CVE-2019-1568
- RESERVED
+CVE-2019-1568 (Cross-site scripting (XSS) vulnerability in Palo Alto Networks
Demisto ...)
+ TODO: check
CVE-2019-1567 (The Expedition Migration tool 1.1.6 and earlier may allow an
authentic ...)
NOT-FOR-US: Expedition Migration tool
CVE-2019-1566 (The PAN-OS management web interface in PAN-OS 7.1.21 and
earlier, PAN- ...)
@@ -31538,8 +31560,7 @@ CVE-2019-0227 (A Server Side Request Forgery (SSRF)
vulnerability affected the A
NOTE: disclosure mentions "03/12/2019 - Apache applied SSRF patch":
NOTE: https://github.com/RhinoSecurityLabs/CVEs/issues/1
NOTE:
https://github.com/apache/axis1-java/commit/35511b872a6460129cfc0cd35baaccbd820977b5
-CVE-2019-0226
- RESERVED
+CVE-2019-0226 (Apache Karaf Config service provides a install method (via
service or ...)
- apache-karaf <itp> (bug #881297)
CVE-2019-0225 (A specially crafted url could be used to access files under the
ROOT d ...)
- jspwiki <removed>
@@ -32921,6 +32942,7 @@ CVE-2018-18851
CVE-2018-18850 (In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1,
an authen ...)
NOT-FOR-US: Octopus Deploy
CVE-2018-18849 (In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows
out-of-boun ...)
+ {DLA-1781-1}
- qemu 1:3.1+dfsg-1 (bug #912535)
[stretch] - qemu <no-dsa> (Minor issue, pending for stable point update)
- qemu-kvm <removed>
@@ -51387,6 +51409,7 @@ CVE-2018-11808 (Incorrect Access Control in
CustomFieldsFeedServlet in Zoho Mana
CVE-2018-11807
RESERVED
CVE-2018-11806 (m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow
via inc ...)
+ {DLA-1781-1}
- qemu 1:3.1+dfsg-1 (bug #901017)
[stretch] - qemu <no-dsa> (Minor issue, pending for stable point update)
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
@@ -98805,8 +98828,8 @@ CVE-2017-12841
RESERVED
CVE-2017-12840 (A kernel driver, namely DLMFENC.sys, bundled with the DESLock+
client ...)
NOTE: DESLock+
-CVE-2017-12839
- RESERVED
+CVE-2017-12839 (A heap-based buffer over-read in the getbits function in
src/libmpg123 ...)
+ TODO: check
CVE-2017-12838 (Cross-site request forgery (CSRF) vulnerability in NexusPHP
1.5 allows ...)
NOT-FOR-US: NexusPHP
CVE-2017-12837 (Heap-based buffer overflow in the S_regatom function in
regcomp.c in P ...)
@@ -98882,12 +98905,12 @@ CVE-2017-12808
RESERVED
CVE-2017-12807
REJECTED
-CVE-2017-12806
- RESERVED
-CVE-2017-12805
- RESERVED
-CVE-2017-12804
- RESERVED
+CVE-2017-12806 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was
found in ...)
+ TODO: check
+CVE-2017-12805 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was
found in ...)
+ TODO: check
+CVE-2017-12804 (The iwgif_init_screen function in imagew-gif.c:510 in
ImageWorsener 1. ...)
+ TODO: check
CVE-2017-12803 (The Node_ValidatePtr function in corec/corec/node/node.c in
mkclean 0. ...)
NOT-FOR-US: mkclean
CVE-2017-12802 (The EBML_IntegerValue function in ebmlnumber.c in libebml2
through 201 ...)
@@ -98939,12 +98962,12 @@ CVE-2017-12791 (Directory traversal vulnerability in
minion id validation in Sal
NOTE: https://github.com/saltstack/salt/pull/42944
NOTE:
https://github.com/saltstack/salt/commit/6366e05d0d70bd709cc4233c3faf32a759d0173a
NOTE:
https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html
-CVE-2017-12790
- RESERVED
+CVE-2017-12790 (Metinfo 5.3.18 is affected by: Cross Site Request Forgery
(CSRF). The ...)
+ TODO: check
CVE-2017-12789
RESERVED
-CVE-2017-12788
- RESERVED
+CVE-2017-12788 (Multiple cross-site scripting (XSS) vulnerabilities in
admin/index.php ...)
+ TODO: check
CVE-2017-12787 (A network interface of the novi_process_manager_daemon
service, includ ...)
NOT-FOR-US: NoviWare
CVE-2017-12786 (Network interfaces of the cliengine and noviengine services,
included ...)
@@ -98963,8 +98986,8 @@ CVE-2017-12780 (The ReadData function in ebmlstring.c
in libebml2 through 2012-0
NOT-FOR-US: libembl2 (different codebase than src:libebml)
CVE-2017-12779 (The Node_GetData function in corec/corec/node/node.c in
mkvalidator 0. ...)
NOT-FOR-US: libembl2 (different codebase than src:libebml)
-CVE-2017-12778
- RESERVED
+CVE-2017-12778 (The UI Lock feature in qBittorrent version 3.3.15 is
vulnerable to Aut ...)
+ TODO: check
CVE-2017-1000112 (Linux kernel: Exploitable memory corruption due to UFO to
non-UFO path ...)
{DSA-3981-1}
- linux 4.12.6-1 (low)
@@ -99041,16 +99064,16 @@ CVE-2017-12762 (In /drivers/isdn/i4l/isdn_net.c: A
user-controlled buffer is cop
- linux 4.13.4-1 (unimportant)
NOTE: Fixed by:
https://git.kernel.org/linus/9f5af546e6acc30f075828cb58c7f09665033967
(v4.13-rc4)
NOTE: Driver is disabled since squeeze and unmaintained for a long time
-CVE-2017-12761
- RESERVED
-CVE-2017-12760
- RESERVED
-CVE-2017-12759
- RESERVED
-CVE-2017-12758
- RESERVED
-CVE-2017-12757
- RESERVED
+CVE-2017-12761 (http://codecanyon.net/user/Endober WebFile Explorer 1.0 is
affected by ...)
+ TODO: check
+CVE-2017-12760 (Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/
Mobiketa ...)
+ TODO: check
+CVE-2017-12759 (Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA
School Man ...)
+ TODO: check
+CVE-2017-12758 (https://www.joomlaextensions.co.in/ Joomla! Component
Appointment 1.1 ...)
+ TODO: check
+CVE-2017-12757 (Certain Ambit Technologies Pvt. Ltd products are affected by:
SQL Inje ...)
+ TODO: check
CVE-2017-12756 (Command inject in transfer from another server in extplorer
2.1.9 and ...)
{DLA-1063-1}
- extplorer <removed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/81abf8d568fa3fee389a74d2a8d5dfa0a347009b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/81abf8d568fa3fee389a74d2a8d5dfa0a347009b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
